Kaspersky: Malware May Have an Answer in the Cloud - Page 2

This may not be a particularly surprising or profound revelation, but, says Kaspersky, it does provide a clue as to how to tackle the global rise in malware. "If you want to stop cybercrime, the you have to make it less profitable." Cloud-based threat detection and monitoring systems, such as the ones that the large security vendors are putting in place, are perfectly suited to doing that, he believes.

To understand why, Kaspersky points out that a typical example of malware goes through a distinct timeline. First it is developed and placed on the Internet. Next it is distributed, often using spam email or poisoned search engine results to entice victims to click on links and download the malware. Then comes the most important stage, as far as the cybercriminal is concerned, when the malware infects a victim's machine and can then get to work generating profits in whatever way it has been designed to do.

This period in which cybercriminals can monetize the machines their malware has infected is brought to an end when anti-virus products are updated to detect and remove the infection and prevent new machines getting infected. After this point profits are significantly curtailed, and the cybercriminals are forced to move on to a new criminal initiative.

Cloud security systems can be effective in reducing the period when cybercriminals can monetize machines infected by malware from days to a matter of minutes, Kaspersky claims. How can they do this? He says their sensors can detect a new piece of malware very soon after it is placed on the web, and then block access to the website hosting the malware. The beauty of this system is that end user systems don't need to wait until new virus signatures are available. "Because cloud reaction time is much faster, it can provide protection against new malware just a few minutes after it first appears on the web," says Kaspersky.

The good news is that that means cybercriminals have a very short period of time in which to generate profits. And since malware writers are motivated by profits, this should result in a decline in common malware - just as the small number of modems left in existence has led to a significant reduction in dial-up Trojans.

The bad news, says Kaspersky, is that cloud security systems don't mean the end of all cybercrime. Firstly, they will have to become widely adopted before cybercrime profitability starts to fall. Even then, cloud systems will only be able to stop simple malware executable (.exe) files; they can do little against non-executable malware, server side polymorphic malware that changes all the time, file infectors, newer types of malware such as the ultra- sophisticated Stuxnet virus, or highly targeted attacks where a piece of malware is designed to infect a particular organization such as a bank.

But cloud security systems will still have a significant impact, he maintains. "Malware that cloud systems can't detect is much harder to develop. That means the entrance ticket for cybercriminals is much higher, and junior cybercriminals can't get involved." With the cost of entry higher, and the opportunity to make profits lower, malware-based cyber crime becomes a much less attractive proposition.

The conclusion must therefore be that cloud security technology will lead to a decline in cybercrime, Kaspersky believes. Or, as he puts it: "Happy End!"